Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf2df9324bf24a85…

MALICIOUS

PDF

File size: 44.0 KB
Created: 2018-11-14 11:21:27 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: 528aa0a8d045a0ec5270d7f656714e8b
SHA-1: 7d80c0a0cfabbba5a86da3a9b6cfb1a136cf6206
SHA-256: bf2df9324bf24a8597e12dd07079e971d090fdbcab38648fa11128d533245d94
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.